E-commerce is the exchange of goods and services online. Most major brands all over the world are present online through websites and digital advertising. Some of these brands do not even have physical buildings built of bricks and mortar. E-commerce is not limited to business to consumer transactions; it also extends to business to business transactions. An example of a business to business transaction is between a manufacturer and a wholesaler or distributor. Retailers adopt different models of doing business when operating online. Many manufacturers that are involved in E-commerce have in the past restricted business to online transactions where they pay for the goods and services online and they are delivered.
Online security is, therefore, not about the number of features software has but the measures taken by those who use it to ensure that they keep safe. A weak link in the system or a loophole in the process jeopardizes the entire security system (Bainbridge, 2004). That is the reason why this report focuses on the possible online security attacks on e-commerce systems and how consumers and manufacturers can stay safe when transacting online. This article also seeks to address strategies that can be implemented to ensure that all online shoppers are safe. There are three major concepts in web security: availability, confidentiality and integrity.
The first concept, confidentiality, requires that the system is set in such a way that only authorized persons have access to private and confidential information. A good example is when you post a letter. The postman is not allowed to read your letter as this will be a breach of contract. The second important aspect is integrity. Integrity ensures that information reaches the receiver just like it was sent from the sender. Just like in the example of a postman, it would be lack of integrity on his part if he or she tampered with information contained in a letter. If an extra bill was added to your credit card bill by a service provider, your provider would be lacking in integrity. Finally, availability requires that you have access to the resources that you are authorized to access when you need to access it.
It is important for a business to have online presence if it intends to reach many clients. Clients who may not be able to access the physical office of a manufacturer are able to browse the products online and from the comfort of their houses. There have been modifications to e-commerce recently where consumers browse online, pick products, pay for them and then pick the products from the physical store. E-commerce is especially convenient in the service industry such as banking or stock brokerage. Clients are able to save time when they need to transfer funds, print statements and pay bills as they can do this online whenever they want and from wherever they may wish to do these. This saves them time they would have spent queuing in banking halls (Stuller, 2007).
When transacting through e-commerce, the customer reveals sensitive financial and personal information. This is why security is very important. When a system is secure, the process can be completed without the occurrence of undesired side effects. Let us use the house as an example to illustrate just how important security is when it comes to e-commerce. You may have noticed that your pets have a hard time accessing the house. So you decide to cut a small hole into your back door to let them in. The unfortunate thing is that burglars also may take advantage and use the little hole to steal from you. In this way, an unintended avenue has been created and there is now insecurity in your house.
Tidd & Bessant (2011) confirm that there are two different perspectives to security when it comes to the software development industry. Good software should have in-built security system that makes it very secure. The most common software security feature is ensuring a password that is at least six characters long. To make security even tighter, sensitive and private information is provided. As far as consumers are concerned, there is the need for protection from online attacks. Consumers need to understand that even if they have the best passwords for their online accounts, if they do not log off after accessing them, they are not safe from hackers. It is just like having the latest and the best alarm system in your house to keep away thieves yet leaving your doors open.
Players in e-commerce
Typically, a shopper goes to a retailer or manufacturer’s website, browses and finds the product he or she wants and purchases it. As such, there are four main players when it comes to e-commerce. The first player is the consumer who is in need of a product or service. These sites where consumers make purchases are operated by merchants who are selling these goods and services. The merchant who administers these websites is the second player. The third players in the e-commerce industry are the software vendors who build the software. It is from these vendors that merchants purchase software to run their websites. The fourth player is the attacker. The attacker’s aim is to profit by exploiting the other three players in the industry (Stuller, 2007).
The attacker tries to come up with all sorts of schemes to exploit the resources of the consumer, the merchant and the software developer. The vulnerability of e-commerce is dealt with under availability, integrity and confidentiality. There are many ways to examine threats in the e-commerce industry. A system should not be vulnerable. Sometimes even when a system is vulnerable to attacks from a certain angle, the attackers may not be aware. It is like leaving your front door open without telling anyone else; no outsiders may then take advantage of this.
Security features are important in ensuring that software is not vulnerable to attacks. These security features do not necessarily guarantee safety but they make the players less vulnerable to attackers. They are divided into four main categories. The first category is that of authentication which is used to verify that a user is really who he or she claims to be. Suppose, a client wishes to log in to his or her bank account, he/she has to provide proof that he/she really is the owner of a particular bank account. This will prevent unauthorized personnel from accessing private and confidential information belonging to clients.
The second category is authorization which limits the extent to which a client is allowed to manipulate the system. In the event that a client accesses his or her bank account and tries to increase account balance, he or she will be informed by the system that he/she is not authorized to access that much information. Encryption is the third category and it deals with hiding of information. This ensures that hackers do not spy on clients when they are banking online. The last category is auditing which involves keeping track of activities that took place online. This will help merchants by providing proof that a customer really has bought a product.
There have been increased cases of attacks on e-commerce websites raising questions about whether e-commerce websites are more vulnerable to attacks than other websites. The reason why such attacks make big news is because whenever they are attacked, sensitive information is leaked out to the public. This trend is worrying considering that the same web developers that create software for other types of websites are the ones that are contracted to build these e-commerce websites. This is probably because these criminals realized that there was more to gain when they attacked e-commerce sites than when they attacked other websites.
When compared to robbing a bank, hackers need relatively cheaper resources to hack into an e-commerce website. The criminals only require a computer and internet access. Unlike in a bank robbery where expensive tools may be required, a car for getting away and much other logistical support, online hackers require much less. The low cost of online robbery makes it a better choice for many criminals, hence the increase in the number of online thefts. The returns that these criminals are able to make from attacking e-commerce websites are enormous. This, considering that the risks are much less, makes it quite lucrative.
If a hacker is able to access an e-commerce website for a bank and withdraw just a penny from all the accounts, the hacker can easily make billions of dollars. This is a windfall compared to a robber who decides to break into the local bank to get only a couple of millions. This is because most bank branches do not keep a lot of hard cash within the bank as most of their money is stored away in bits and bytes. Again, the robber who steals from local banks can only rob a certain number of banks. This is not the case with an e-commerce bank robber who can choose from any bank in the world in an online operation. These online bank robbers often take advantage of the lack of extradition rules between their country and a different country to steal from outside their country.
Online robbers who take advantage of e-commerce do a lot of planning and are careful not to leave any trails behind. This is because it is easy for one to be anonymous on the net in such a way that an act of crime cannot be traced back to them. Information for online cracking and attacking is also quite readily available online.
Vacca (2009) confirms that e-commerce websites are vulnerable both at entry and exit points. This is because they are customized in a way that gives the customer easier access. The online robber attacks the shopper, the software vendor, the shopper’s computer, the website’s server and the network connection between the shopper and the website. Tricking the shopper remains one of the most profitable methods used by online thieves. Through their social engineering tricks, these attackers are able to monitor the activities of a shopper and are able to gather information they can then use to trick the shopper. Most of these sites require shoppers to give their mother’s maiden name as a security question. Hackers may trick a shopper into giving this information out leading to attack. This is because the shopper may have used the same log in ID for other online accounts.
Methods used by cyber attackers/hackers
Robbers have been known to call shoppers pretending to be representatives of particular e-commerce sites visited by a particular shopper. They are able to extract private information from the shopper which they then use to exploit him or her. With all these pieces of information, the hacker then calls the service provider seeking the password to be reset to specific values. Once the password is changed, the hacker can then manipulate the shopper’s account however he or she wishes.
The other method online thieves use is snooping in the shopper’s computer for personal details. Most shoppers who own and use computers have absolutely no idea just how vulnerable they are to online hackers. There are also those hardware vendors that wish to sell their products really fast. They end up deactivating some security features in order to make them easy to install. This software without detailed security aspects appeals to many computer users. Unfortunately, this easy to install software is more vulnerable to attacks by hackers. Tools such as SATAN are commonly used by hackers to spy on shoppers in order to access private information. The attacker also monitors information that is exchanged between the server and the shopper.
Another common method used by hackers is guessing a shopper’s password. Sometimes the password is guessed and sometimes it is automated. Guessing the password for a shopper’s account is tedious and almost impossible unless the attacker knows something about the shopper. An example is when a shopper uses the name of their child as a password. If the hacker knows the name of the shopper’s child then it is easier to hack his/her accounts. Tools for testing passwords exist cheaply in the internet and most of the hackers know just where to get them from.
The attackers may also use server bugs. The attacker keeps track of all the sites accessed by the shopper. He then studies the websites to understand the patches used for the software. The attacker then exploits these sites without the necessary patches. With millions of servers online, some administrators sometimes forget to apply necessary patches. The most coveted way of hacking an E-commerce website is through an attack on the server root. When a hacker attacks a shopper, there is so much harm they can cause. But when they exploit the server root, the possibilities are unlimited. When a hacker exploits the root server, he gets hold of all the information belonging to the customers and the merchant. He can then steal as much as he wishes from all involved making him a fortune.
Harry (2009) reckons that despite all the hacking and cracking involved, e-commerce has remained a safe industry over the years. There are enormous resources that are available to merchants that transact online. The merchants are willing to go to all lengths to ensure that their customers are protected and are not vulnerable to these online attacks. The people that use the system should make sure that they keep their passwords and personal information safe. Customers must be educated to ensure that they install firewalls in their personal computers and store private information in an encrypted form for security reasons.
Defence: how to keep safe from cyber attacks
The software providers must install a firewall for the server to protect it from attackers. They also need to ensure that any attempt to hack into the system is detected and reported by the system. Any attempt at accessing information that is not permitted by a shopper should be detected by the system because it is possible the system could have been compromised. Users must never store passwords for their accounts in plain text as this can be accessed by wrong people. Ethical hackers who know how to protect systems should be employed to analyse the system. Cookies are another good way of keeping track of sessions by clients. This can be very useful in tracking down hackers.
Bainbridge (2004) states that the best way to ensure security is to be prepared to counter attacks when hacking occurs. When selecting software vendors, it is important that a merchant goes for a developer that has ways of dealing with security threats and attacks. There is a security checklist that shoppers can use when transacting online. The first thing that a shopper should avoid is using the same password for numerous accounts. A shopper should also ensure that the password he/she uses has at least six characters and contains some special characters.
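The password advice in this section and in the discussion of password guessing (no plain-text storage, at least six characters, a special character, no reuse across accounts, nothing guessable such as a child's name) can be expressed in code. The following Python code is an added example, not part of the original report; the function names, the PBKDF2 work factor and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 6          # the report's minimum password length
ITERATIONS = 200_000    # assumed work factor for this example; tune for your hardware


def check_password(password, personal_details=(), other_account_passwords=()):
    """Return the list of checklist violations (an empty list means it passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than six characters")
    if not any(ch in string.punctuation for ch in password):
        problems.append("no special character")
    lowered = password.lower()
    if any(d and d.lower() in lowered for d in personal_details):
        problems.append("contains a guessable personal detail")
    if password in other_account_passwords:
        problems.append("reused from another account")
    return problems


def hash_password(password, salt=None):
    """Derive a salted PBKDF2-HMAC-SHA256 digest; store (salt, digest), never the password."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(candidate, salt, stored_digest):
    """Recompute the digest for a login attempt and compare in constant time."""
    _, digest = hash_password(candidate, salt)
    return hmac.compare_digest(digest, stored_digest)


if __name__ == "__main__":
    # Constructed sample data: a shopper whose child is named "Emma".
    print(check_password("emma1", personal_details=["Emma"]))
    salt, stored = hash_password("t4ble!Lamp#92")
    print(verify_password("t4ble!Lamp#92", salt, stored))
```

Because each stored digest uses its own random salt, two shoppers with the same password do not end up with the same stored value, and a leaked database does not reveal the passwords directly.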
Shoppers are also advised not to shop from websites whose SSL certificate is not recognized by the shopper’s server. This is because such sites are used by hackers and they make them look like the genuine websites belonging to the real merchants. They sometimes create websites with names that resemble the genuine websites and shoppers use these fake websites without recognizing the difference. These hackers even send information to the innocent shoppers, which looks like it is from the genuine merchant. Caution should therefore be exercised and personal information not revealed under any circumstance to ensure one’s safety when shopping online.
It is extremely advisable that once a person is through with online shopping or browsing, he or she must always remember to log off to prevent someone else from accessing their personal information. It is always wise for online shoppers to use credit cards as most credit card service providers often help out with damaged or non-existent goods. When shopping online, shoppers are advised to go for genuine websites. Most genuine brands have both a brick and mortar store as well as an e-commerce store. Still, all these websites can be compromised. This report has summarized security matters in the e-commerce industry by looking at the main players in the industry, their vulnerability and what can be done to defend shoppers and merchants from these attacks. Development of better technology has made it possible for developers to create websites that are impossible to hack. The vendor has to be proactive in handling security matters. The shoppers must also be cautious and vigilant when shopping online.